Enterprise system authentication and authorization via gateway

US 9,584,515 B2
Filed: 04/30/2014
Issued: 02/28/2017
Est. Priority Date: 04/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing device from a client computing device, authentication credentials associated with the client computing device;

authenticating, by the computing device, the client computing device using the authentication credentials associated with the client computing device;

transmitting, by the computing device and in response to a successful authentication of the client computing device on the computing device, a session cookie to the client computing device, the session cookie authenticating the client computing device on the computing device for a first session;

passing, by the computing device to an enterprise computing device via a network, a request transmitted by the client computing device via the network for access to an enterprise resource computing device;

transmitting, by the computing device to the enterprise computing device, information comprising;

the authentication credentials associated with the client computing device; and

a request for the enterprise computing device to transmit, to the computing device, authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;

receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client computing device, the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;

transmitting, by the computing device to the enterprise resource computing device, the request transmitted by the client computing device for access to the enterprise resource computing device with the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource; and

passing, by the computing device to the client computing device via the network, information associated with the enterprise resource computing device based on the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.

11 Citations

View as Search Results

17 Claims

1. A method comprising:
- receiving, by a computing device from a client computing device, authentication credentials associated with the client computing device;
  
  authenticating, by the computing device, the client computing device using the authentication credentials associated with the client computing device;
  
  transmitting, by the computing device and in response to a successful authentication of the client computing device on the computing device, a session cookie to the client computing device, the session cookie authenticating the client computing device on the computing device for a first session;
  
  passing, by the computing device to an enterprise computing device via a network, a request transmitted by the client computing device via the network for access to an enterprise resource computing device;
  
  transmitting, by the computing device to the enterprise computing device, information comprising;
  
  the authentication credentials associated with the client computing device; and
  
  a request for the enterprise computing device to transmit, to the computing device, authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;
  
  receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client computing device, the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;
  
  transmitting, by the computing device to the enterprise resource computing device, the request transmitted by the client computing device for access to the enterprise resource computing device with the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource; and
  
  passing, by the computing device to the client computing device via the network, information associated with the enterprise resource computing device based on the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising receiving, by the computing device from the enterprise computing device and in response to passing the request transmitted by the client computing device for access to the enterprise resource computing device, a message indicating a denial of the request.
  - 3. The method of claim 2, wherein the message indicating a denial of the request comprises an identification of the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
  - 4. The method of claim 3, wherein the message indicating a denial of the request further comprises an identification of a location of where to retrieve the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
  - 5. The method of claim 1, wherein the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device comprises one or more tokens, the method further comprising:
    - determining, by the computing device based on information within the request transmitted by the client computing device and not based on any additional information provided by the client computing device, whether gaining access to another enterprise resource computing device is needed along with access to the enterprise resource computing device; and
      
      when it is determined that gaining access to the another enterprise resource computing device is needed, obtaining information associated with the enterprise resource computing device and the another enterprise resource computing device, and providing the information to the client computing device.
  - 6. The method of claim 1, wherein receiving the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device comprises receiving, by the computing device, a first token from a first source and a second token from a second source, the method further comprising:
    - transmitting, by the computing device, the first token to the enterprise computing device;
      
      receiving, by the computing device from the enterprise computing device and based on the first token, access to information associated with the first source;
      
      transmitting, by the computing device, the second token to the enterprise computing device; and
      
      receiving, by the computing device from the enterprise computing device and based on the second token, access to information associated with the second source; and
      
      passing, by the computing device to the client computing device, information associated with at least one of the first and second sources.
  - 7. The method of claim 1, wherein the transmitting, by the computing device to the enterprise computing device, information comprisingauthentication credentials associated with the client computing device comprises:
    - determining, by the computing device, whether or not first authentication credentials provided by the client computing device to the computing device are sufficient to gain access to the enterprise resource computing device; and
      
      when the determining is that the first authentication credentials provided by the client computing device to the computing device are insufficient to gain access to the enterprise resource computing device, adding second authentication credentials to the first authentication credentials as the authentication credentials to be sent to the enterprise computing device.
  - 8. The method of claim 6, wherein the first source comprises the enterprise resource computing device and the second source comprises a different enterprise resource computing device.
  - 9. The method of claim 1, further comprising retrieving, by the computing device, the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device from one of a local memory of the computing device and an external source.

10. A system, comprising:
- at least one processor; and
  
  at least one memory storing instructions that, when executed by the at least one processor, cause the system to perform;
  
  receiving, by a computing device from a client computing device, authentication credentials associated with the client computing device;
  
  authenticating, by the computing device, the client computing device using the authentication credentials associated with the client computing device;
  
  transmitting, by the computing device and in response to a successful authentication of the client computing device on the computing device, a session cookie to the client computing device, the session cookie authenticating the client computing device on the computing device for a first session;
  
  passing, by the computing device to an enterprise computing device via anetwork, a request transmitted by the client computing device via the network for access to an enterprise resource computing device;
  
  transmitting, by the computing device to the enterprise computing device, information comprising;
  
  the authentication credentials associated with the client computing device; and
  
  a request for the enterprise computing device to transmit to the computing device authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;
  
  receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client computing device, the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;
  
  transmitting, by the computing device to the enterprise resource computing device, the request transmitted by the client computing device for access to the enterprise resource computing device with the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource; and
  
  passing, by the computing device to the client computing device via the network, information associated with the enterprise resource computing device based on the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the instructions further cause the system to perform receiving, by the computing device from the enterprise computing device and in response to passing the request transmitted by the client computing device for access to the enterprise resource computing device, a message indicating a denial of the request.
  - 12. The system of claim 11, wherein the message indicating a denial of the request comprises an identification of the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
  - 13. The system of claim 12, wherein the message indicating a denial of the request further comprises an identification of a location of where to retrieve the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
  - 14. The system of claim 10, the instructions further cause the system to perform:
    - determining, by the computing device based on information within the request transmitted by the client computing device and not based on any additional information provided by the client computing device, whether gaining access to another enterprise resource computing device is needed along with access to the enterprise resource computing device; and
      
      when it is determined that gaining access to the another enterprise resource computing device is needed, obtaining information associated with the enterprise resource computing device and the another enterprise resource computing device, and providing the information to the client computing device.
  - 15. The system of claim 10, wherein receiving the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device comprises receiving, by the computing device, a first token from a first source and a second token from a second source, wherein the instructions further cause the system to perform:
    - transmitting, by the computing device, the first token to the enterprise computing device;
      
      receiving, by the computing device from the enterprise computing device and based on the first token, access to information associated with the first source;
      
      transmitting, by the computing device, the second token to the enterprise computing device; and
      
      receiving, by the computing device from the enterprise computing device and based on the second token, access to information associated with the second source; and
      
      passing, by the computing device to the client computing device, information associated with at least one of the first and second sources.

16. One or more non-transitory computer-readable storage media having instructions stored thereon, that when executed by one or more processors, cause the one or more processors to perform:
- receiving, by a computing device from a client computing device, authentication credentials associated with the client computing device;
  
  authenticating, by the computing device, the client computing device using the authentication credentials associated with the client computing device; and
  
  transmitting, by the computing device and in response to a successful authentication of the client computing device on the computing device, a session cookie to the client computing device, the session cookie authenticating the client computing device on the computing device for a first session;
  
  passing, by the computing device to an enterprise computing device via a network, a request transmitted by the client computing device via the network for access to an enterprise resource computing device;
  
  transmitting, by the computing device to the enterprise computing device via the network, information comprising;
  
  the authentication credentials associated with the client computing device; and
  
  a request for the enterprise computing device to transmit to the computing device authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;
  
  receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client computing device, the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device;
  
  transmitting, by the computing device to the enterprise resource computing device, the request transmitted by the client computing device for access to the enterprise resource computing device with the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource; and
  
  passing, by the computing device to the client computing device via the network, information associated with the enterprise resource computing device based on the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device.
- View Dependent Claims (17)
- - 17. The one or more non-transitory computer-readable storage media of claim 16, wherein receiving the authorization information associated with the enterprise resource computing device needed for gaining access to the enterprise resource computing device comprises receiving, by the computing device, a first token from a first source and a second token from a second source, wherein the instructions further cause the one or more processors to perform:
    - transmitting, by the computing device, the first token to the enterprise computing device;
      
      receiving, by the computing device from the enterprise computing device and based on the first token, access to information associated with the first source;
      
      transmitting, by the computing device, the second token to the enterprise computing device; and
      
      receiving, by the computing device from the enterprise computing device and based on the second token, access to information associated with the second source; and
      
      passing, by the computing device to the client computing device, information associated with at least one of the first and second sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Hayton, Richard, Innes, Andrew
Primary Examiner(s)
DOLLY, KENDALL LYNN

Application Number

US14/265,661
Publication Number

US 20150319174A1
Time in Patent Office

1,035 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/205   involving negotiation or de...

H04W 12/069   using certificates or pre-s...

Enterprise system authentication and authorization via gateway

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise system authentication and authorization via gateway

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links